Analyzing the impact of quantum computing on IoT security using computational based data analytics techniques

: The Internet of Things (IoT) market is experiencing exponential growth, with projections increasing from 15 billion dollars to an estimated 75 billion dollars by 2025. Quantum computing has emerged as a key enabler for managing the rapid expansion of IoT technology, serving as the foundation for quantum computing support. However, the adoption of quantum computing also introduces numerous privacy and security challenges. We delve into the critical realm of quantum-level security within a typical quantum IoT. To achieve this objective, we identified and precisely analyzed security attributes at various levels integral to quantum computing. A hierarchical tree of quantum computing security attributes was envisioned, providing a structured approach for systematic and efficient security considerations. To assess the impact of security on the quantum-IoT landscape, we employed a unified computational model based on Multi-Criteria Decision-Making (MCDM), incorporating the Analytical Hierarchy Process (AHP)


Introduction
In the present context, quantum technology enhances a wide range of application areas, such as 5G wireless connections, the IoT, wearable technology, and artificial intelligence (AI).Quantum computing is a highly centralized computing infrastructure that processes and caches data from both the site of generation and cloud.Quantum computing extends cloud computing and complements the concept of agile devices that can operate at the network's fringes [1].Quantum computing delivers various services while handling diverse sensors, processes, users, actuators, and connectivity by bringing processing capability closer to the users.Quantum setups are proficient at processing diverse volumes of data locally, operating under the assumption that they are fully compact and can be integrated into integrated hardware [2].Quantum computing could help with IoT applications and address the limitations of the cloud when it comes to handling time-sensitive apps [3].
However, quantum computing, characterized as an augmentation of cloud computing, exhibits unique attributes in wireless connectivity, regional subtlety, and geographical responsiveness, which give rise to new concerns about security and forensics [1].Many threats in the context of cloud security and forensics remain inadequately addressed.Quantum operations are primarily driven by service and user requirements, often leading to the neglect of security considerations or treating them as an afterthought.The privacy and security threats and assets related to quantum computing have not been systematically analyzed.The exploration of privacy and security threats in quantum computing for the IoT is in its infancy.The security threats to quantum computing provoke a fascinating debate within academia [2].Since quantum computing is assumed to be a significant expansion of the cloud, it is expected that many privacy and security threats from the cloud computing environment will inevitably impact quantum computing.Quantum computing faces new privacy and security threats in addition to those rooted in cloud computing.While some security threats can be mitigated through appropriate mechanisms, the distinctive features of quantum computing introduce significant challenges and threats [3].
In this study, we aimed to investigate more feasible and practical solutions for security concerns in quantum computing.To achieve this, we extensively covered various security aspects of quantum computing, including their sub-components, to facilitate the systematic management of quantum layer security.Furthermore, we developed a ranking system to prioritize and manage these security aspects.The resulting ranking will assist both academics and industry experts in dealing with security issues in quantum computing systematically.
In addition to the above, the rest of this research work is organized as follows: Section 2 discusses recent work in this domain, followed by an exploration of the recognized quantum-level security attributes and their sub-attributes.Subsequently, Section 3 outlines the materials and methods used to evaluate the impact of the key security attributes selected by the researchers in constructing their hierarchical model.Section 4 presents a comparison of the results obtained through decryption are outsourced.In 2018, Vohra et al. [14] also presented a quantum-based distributed multi-authority credit-based data access protocol.In 2017, Xiao et al. [15] proposed a comprehensive solution for fine-grained owner-enforced exploration and access control, addressing user-quantum-cloud interaction and the limitations of end procedures.
Stojmenovic et al. [16], in 2016, proposed an authentication scheme to mitigate MITM attacks.The authors concluded that encryption and decryption methods are not always well-suited due to the system's constraints.Homayoun et al. [17], employed entirely automated and quantum node ransomware detection methods for the quantum layer.They also demonstrated that deep learning methods can be used for this purpose.
Undoubtedly, quantum computing is considered more secure than cloud computing.The collected data in quantum computing is cultivated and evaluated on local quantum nodes near data sources [19], reducing dependence on network connections.Additionally, local data storage, transactions, and analysis make it more challenging for intruders to gain access to users' information.However, there are security risks associated with data transactions between the user's device and the quantum computing node or among different quantum nodes [20].Therefore, multiple threats exist in the process, and safeguarding privacy and security in quantum computing is not straightforward.Security issues can arise in various areas of quantum computing, with critical areas including networks, service infrastructure, virtualization, and users' devices.
Aggregating all quantum security-related concerns exhibits inconsistency, and there are limited solutions available to detect and prevent malicious attacks on the quantum platform.Optimal security is essential to ensure the effectiveness of quantum computing systems, making it a crucial research question [21].None of the scholarly works we referenced provided a comprehensive assessment of all aspects of quantum security.Quantum computing is vulnerable to significant threats due to its unique features [3].In the quantum computing environment, devices are primarily managed by different users, and the resources utilized by these devices are not typically examined by regulatory bodies, amplifying security threats in the quantum environment.

Hierarchical structure for evaluation
As a centralized resource, the cloud presents a significant opportunity to breach privacy.Current cloud-based security services continue to focus on perimeter-based safety [18][19][20][21][22].However, these services may impose extreme delays on numerous applications and systems that require impractically long-term communication bandwidth.If a threat manages to breach these barriers, a system with security measures in place will typically have limited and outdated capabilities to counter the compromises.Consequently, the current security model is insufficient for protecting a wide variety of IoT systems, devices, and applications.Therefore, the unique IoT security challenges outlined below need to be addressed: (1) Ensuring secure operation for a diverse array of devices.(2) Securing a wide range of resource-constrained devices.(3) Dynamically responding to security breaches based on system requirements and breach risk levels.
Quantum computing plays a pivotal role in this new security paradigm, offering a solution to enhance end-user privacy demands.Quantum systems are well-suited to provide security services across a diverse spectrum of IoT devices [23].They are physically and logically close to the endpoints, allowing for comprehensive and authentic oversight of various devices and the execution of time-sensitive and re-source-intensive security tasks on behalf of the endpoints [24].Consequently, it is essential to thoroughly examine the security fundamentals and requirements of any platform or system from the ground up.The interaction between quantum computing and heterogeneous smart devices introduces significant complexities to security management in the quantum paradigm.Consequently, a comprehensive analysis of all security elements is imperative.The structured hierarchy of various security concerns related to quantum computing, based on research findings and discussions with experts in the field.Quantum computers are capable of cracking encryption systems [3], as shown in Figure 1.According to experts, quantum computers will eventually be able to break all current cryptographic coding schemes, including RSA, Diffie-Hellman, and elliptic curve approaches [2].Quantum-safe algorithms are currently under development.When quantum computers render today's encryption technologies obsolete, these quantum safe approaches will become essential for government and commercial enterprises.This event has been coined as "Q-Day" [25].

Access control [F1]
Access management is a security strategy in a virtualized environment that governs who or what can gain access to or use resources.It is a fundamental security notion that mitigates the threat to an organization [28].There are two kinds of access control systems: physical and logical.Physical access controls the access to academic institutions, buildings, and spaces, as well as tangible IT resources.Logical access controls the restriction of access to computer network systems, system files, and data [26].Workforce access to confined business locations as well as proprietary territories, like data centers, is monitored through security access control models that depend on login details, access card users, auditing, and reports.A few of these systems have access control panels that restrict who can gain entry to rooms and housing developments.They also have alarms and lockdown mechanisms to keep individuals at bay and prevent them from entering or doing things they shouldn't [29].
Authorization [F11]: The process of permitting someone the right to use a resource is known as authorization [27].Obviously, this explanation may appear ambiguous, but many real-life circumstances can exemplify what authorization implies and how to apply those notions to computer systems.The household's ownership is a perfect example.The landlord has complete control over the assets (resources), and he or she can command the right of entry.
Identification [F12]: Identification is a subject's claim to its own identity [28].Authentication is the process of proving one's identity by supplying credentials to an access control system.The technique that determines the subject's access level(s) to the objects are called authorization.
Trust [F13]: The belief in a machine's or sensor's ability to act consistently and securely, as well as consistently within a given environment is known as trust [30].Cryptography, digital signatures, and electronic certificates are often used in M2M networks to establish trust.This method develops and assesses a trust chain among devices; however, it does not provide sufficient information about the feature of data transmission between machines.Information security is only one aspect of trust; it also comprises subjective criteria and experience.
Certification Policy [F14]: Policy for users is a process in which you validate that someone who is at-tempting to access services and applications is indeed the one who he or she claims to be [30].This can be accomplished through a variety of certification methods.

Integrity [F2]
The ability to ensure that a framework and its data have not even been tampered with is referred to as integrity.Not only is data protected by integrity preservation, but even operating systems, applications, and hardware are protected from unauthorized access [31].
Credibility [F21]: A key concern is the increased onus on the companies to reduce vulnerability in their systems due to the threat of legal action when something goes wrong [32].If data and security aren't managed carefully, this is a real risk.An example we've considered is that of an autonomous car.With no one in the driver's seat, human error is eliminated, leaving only the systems to blame when something goes wrong.
Delegation [F22]: Delegation is the procedure of a computer consumer handing over its authentication credentials to another user [31].In role-based access control models, delegation of authority involves dele-gating the roles that a user can assume or the set of permissions that the user can acquire to other users.
Responsibility [F23]: This implies using the advanced software security techniques in accordance with the technical reference architecture, implementing, testing, and running those [33].To increase software security, undertake ongoing security testing and code review.Issues that develop are troubleshot and debugged.

Authentication [F3]
Authentication is the procedure of validating the identity of the user or information [31].User authentication is the process of verifying the user's identity at the time of login.Single-Factor Authentication (SFA): This was the first security solution devised.
Inherence [F31]: The inherent risk is a vulnerability that exists within an organization prior to the implementation of security measures [33].On the other side, residual risk is evaluated after all of these inherent hazards have been mitigated by cybersecurity measures.It considers every possible attack vector that could compromise a system or its data.
Location [F32]: A secure location is an area in a defined site where entry is regulated by lock and key, backed up by an adequate security system, and only the authorized company employees have access to that [34].
Behavior [F33]: Behavior-based access control is a proactive strategy of protection in which all applicable actions are supervised to identify and address variances from regular patterns of behavior as soon as they occur [35].

Intrusion detection [F4]
An intrusion detection system, or IDS for short, keeps an eye on network and system traffic for any unusual activities [36].Intrusion detection software will provide you with a notice after possible threats have been identified.
Detection Algorithm [F41]: An intrusion detection system (IDS) is a network traffic analysis system that identifies strange activities and notifies the users when they are discovered [6][7][8].It is software that scans a computer system or network for malicious activity.Any malicious activity or policy violations are notified to an operations manager or central monitoring unit using a SIEM scheme.A SIEM scheme can collect data from various sources and use alarm scanning methods to differentiate between harmful and false alarms.
Alert Generation [F42]: IT alerting software sends out notifications when a computer system fails [9][10][11][12].These tools will keep an eye on systems for issues including slow performance, infrastructure problems, and other IT management difficulties.Email, SMS, or other forms of communication may be used to provide these notifications.These tools are used by businesses to identify problems with their networks, IT infrastructure, and other IT systems in order to save time and prevent irreversible damage.By capturing incidents, collecting historical records, and analyzing them, some tools can help speed up the resolution and recovery procedures.
Verifiability [F43]: Software verification pledges that "you built it right" as well as that the artifact, when carried, meets the developers' expectations [13].Software authentication guarantees that "you produced the proper thing" as well as that the invention, as delivered, meets the stakeholders' intended use and goals.
Monitoring [F44]: Security monitoring is the automated process of acquiring and analyzing signals of potential security threats, prioritizing them, and taking appropriate action to address them [14].

Privacy [F5]
The term "privacy software" refers to applications that are designed to keep their users' confidential [15].The program is generally used in combination with Internet usage to handle or restrict the amount of data made publicly available to third-party companies.The application is capable of a wide range of encryption and filtration.
Intrinsic [F51]: The intrinsic security model replaces the reactive model with a framework that enables the company to be proactive [16].Security is built into all of your environment's critical control points, including the network, the cloud, endpoints, workloads, and identity management.
Situation Factors [F52]: Human variables are psychological, physiological, and environmental characteristics that are both inherent in humans and influence how they interact with the rest of the world [17,18].Human variables such as fatigue, time of day, diversions, and the way information is displayed on a screen are used to demonstrate the impact on how successfully individuals perform their tasks and how secure they are in industries such as aviation, trucking, healthcare, manufacturing, and nuclear power.
Legislation and Government [F53]: Security legislation refers to all the laws that govern security protocols from time to time, along with the Aviation and Maritime Security Act of 1990, the International Code for the Security of Ships, as well as Port Facilities, and any manually configuring or substituting security legislative action [36].

Materials and methods
The Managing security in software is the task of design management [28][29][30][31].To make an effective and secure software design, it is always significant to work on the tactics of the design management [32].Hence, prioritizing this approach, we consulted several industry experts and researchers working in this area.After collating the recommendations given by these experts, we classified the various tactics and their sub-tactics.Thereafter, the next step was to design the computational model.For this, we adopted the most significant MCDM approach in the current era, i.e., fuzzy AHP-TOPSIS [36][37][38][39].This approach provides an efficient and effective outcome in a situation where the user has more than one option to choose from.A descriptive discussion of the methodology is enunciated below.
Its fundamental precept is to find the highest-quality viable replacement among a set of alternative strategies and then rank all of them on the basis of their evaluation metrics.Fuzzy-based AHP is used throughout for the research to demonstrate the weights of the criterion (characteristics), as well as fuzzy-based TOPSIS, which is used to prioritize the alternatives [40].To figure out how to calculate the results for this method, we did the following: Step 1: Triangular Fuzzy Number (TFN) is architecturally a triplet (f1, f2, f3) wherein f1 < f2 < f3 and f1 represent minor importance, f2 middle one and < f3 signifies upper importance.The membership function of the fuzzy number ~T is confirmed with the assistance of Eqs (1) and (2) as well as the quantity is documented as TFN. Figure 2 demonstrates the structure of a TFN. (1) As per the triangular membership function, Eq (l), mi and u represent the lower, middle, and upper limit for triangular membership numbers.After that, a fuzzy transformation is completed on these numeric statistics.To transform the numeric data into TFNs, Eqs (3)-( 6) are employed as well as represented as (f1ij, f2ij, f3ij), where f1ij grants low importance, f2ij grants middle importance, and f3ij grants upper importance (Table 1).Additional TFN [ij] is distinct, such as: Where, and u ij = (J ijd ) Table 1.TFN scale.

Saaty Scale Definition Scale Equally significant
(1, 1, 1) Inadequately significant (2, 3, 4) Equitably significant (4, 5, 6) Sturdily significant (6, 7, 8) Categorically significant (9,9,9) The Table 1, mention the literature value of the initial data.The 'Jijk' denotes the degree of importance of attributes among some of the two factors using professional opinion as well as the expressions presented above.I and j are the element pairs that are evaluated and symbolized.Furthermore, the processes on the two TFNs are carried out with the assistance of Eqs ( 7)-( 9).Supposing T1 and T2 are two TFNs, T1 = (f11, f21, f31) and T2 = (f12, f22, f32).At that moment, the functioning rules for them would be: U(x) (11) Using Eq (12), we integrate the experts' opinions into the mathematical function and try to elaborate on them in it.
We use the following Eqs ( 13)-( 16) to normalize the value and find the geometric mean of functions.
Now, after conducting all these steps and solving the equations, the BNP value is determined using Eq (17).
This completes the process for the fuzzy-AHP methodology.After this, the TOPSIS part begins.We adopt the TOPSIS methodology to test the ranking and effectiveness of the evaluated outcomes in a simulation scenario to validate the outcomes.The descriptive steps that were followed during this methodology are discussed below: Using Table 2 and Eq (18), we prepared the correlation between the previously evaluated data and the tested alternatives.(5, 7, 9) Exact Worthy (EW) (7,9,10) To make the standard of the function, Eq (19) is used, and after that, to create the grid, Eq (20) is utilized.

P ̃= [P ̃ij ] m×n
After identifying all these attributes and equations, the next step is to evaluate the gap degree by the following Eq (21).
After evaluating all these equations and formulae, we found the whole simulated scenario of security tactics.This computational methodology is most effective in the current situation of its real-world application capability.We attempted a simulator approach to test the efficacy of the above technique.

Statistical findings
To apply the above-discussed technique in a real-world scenario, we prepared a security tactic based on the tree structure that has already been discussed in Figure 1.We applied the adopted approach of fuzzy-AHP-TOPSIS to the stated readings in Figure 1 and evaluated the results in a computational manner that would facilitate the industry's development.Moreover, the hierarchical structure has different security issues and tactics that will enhance the development of software.Using the method described in the previous section, we performed the computational analysis to come up with Table 1 and Eqs (1) to (17).Further, from Table 3 to Table 8, we are showing the integrated fuzzy-based comparison matrices as per Figure 1.In addition, Table 9 to Table 14 shows the defuzzified values for various groups, and Table 15 represents the final weights of the attributes.The Tables 9 to 14 are evaluating the weight of the factors related to the quantum security.After analyzing the fuzzy AHP technique and its priority list, we evaluated the overall impact by adopting the TOPSIS approach.To perform this approach, we took fifteen real-time projects from Babasaheb Bhimrao Ambedkar University, Lucknow, Uttar Pradesh, India.These projects' data comprised a repository of the results of quiz competitions and entrance tests held at the university over a two-to five-year period.The selected projects were taken as the alternatives in this study.The sensitivity of these selected alternatives was very high.Table 16 and Table 17 demonstrate the use of the fuzzy TOPSIS method (Table 2 and Eqs ( 18)-( 21)) to evaluate the results.
For calculating the normalized values and various other computational outcomes, we performed the gap degree analysis of evaluated numerical values to test which alternative performance was the highest and which one was the lowest.The assessed outcomes are discussed in the following Table 18 and Figure 3.The evaluated results from the fuzzy TOPSIS approach corroborate that the results are totally verified and fairly accurate.

Comparison with the classical approach
Establishing the validity of the results is always a key point in any type of computational approach [32,33].For affirming the accuracy and reliability of any methodology, comparison analysis is the most apt methodology [41].In this study, the comparison was performed with four other similar techniques that are described below in Table 19 and Figure 4.All these approaches are similar to the selected one and were performed on the same alternatives for better understanding.The coefficient gap value in all these techniques is 0.7681.After a thorough analysis of the evaluated comparison analysis result, it is clear that the adopted methodology has a more effective outcome than the other selected approaches.Evidently, the performance of the alternatives in the selected approach is better than the other techniques.The choice between AHP TOPSIS and ANP TOPSIS depends on how complex and what kind of problem it is.ANP TOPSIS provides a more sophisticated framework to dynamic in circumstances with intricate relationships and interdependencies, but AHP TOPSIS is more understandable and rational for a range of leveled difficulties.

Discussions
The concept of structural security management was first developed in 2017 [11].However, after many years of this concept, the challenges and issues of creating design-based security are the same and more complex due to software's large-scale production and application [34,36].Securing the data in the software and ensuring that the application is always sustainable continue to be formidable challenges for the developers.
In such a scenario, the best recourse is the suggested mechanism in this study for producing effective solutions.The proposed study adopted a computational mechanism for assessing possible significant tactics that can make any software secure.These tactics and their evaluation through the adopted computational methodology will help the developers understand and use the evaluated results as an example.Moreover, the proposed mechanism would prove to be one of the essential practices for achieving the desired level of security in a quantum computing system.The analytic results mention F5 > F1 > F3 > F4 > F2, where integrity of the data got the highest weight and privacy got the least.In next level, Legislation and Government got the high weight with the least identification, F53 > F51 > F52 > F31 > F32 > F23 > F22 > F33 > F44 > F43 > F21 > F41 > F42 > F11 > F14 > F13 > F12, and A4 > A7 > A5 > A3 > A6 > A2 > A1.The significant contributions of this study can be summarized as follows: (1) It is always more effective to perform a numerical analysis of any situation instead of understanding it through a theoretical background.(2) We undertook a unique and effective quantitative analysis of security tactics through a computational approach that was developed by the quantum computing technique.(3) The domains or tactics selected in this study are effective and would be useful for secure web application development.(4) The systematic pathway proposed in the study can be employed by the developers for producing effective security in web applications.(5) The results showed that confidentiality is one of the most effective security tactics among all the ones selected.The pros and cons of this study may be listed as:

Pros
Using security tactics for security management by associating a computational approach is a highly feasible, economically viable, and workable methodology for security designers working at any stage of security design.The prioritized scheme of security tactics in this study is an effective example to be alluded to during development.

Figure 1 .
Figure 1.Tree structure of quantum security issues.

Figure 4 .
Figure 4. Graphical representation of the comparative results.

Table 3 .
Integrated fuzzy based comparison matrix at level 1. Tables 3-8 are showing the initial value of the pairwise comparison matrix.The values are further evaluated by the Eqs 1 to 10.

Table 4 .
Integrated fuzzy based comparison matrix for F1 at level 2.

Table 5 .
Integrated fuzzy based comparison matrix for F2 at level 2.

Table 6 .
Integrated fuzzy based comparison matrix for F3 at level 2.

Table 7 .
Integrated fuzzy based comparison matrix for F4 at level 2.

Table 8 .
Integrated fuzzy based comparison matrix for F5 at level 2.

Table 9 .
Integrated comparison matrix and local weights at level 1.

Table 10 .
Integrated comparison matrix and local weights for F1 at level 2.

Table 11 .
Integrated comparison matrix and local weights for F2 at level 2.

Table 12 .
Integrated comparison matrix and local weights for F3 at level 2.

Table 13 .
Integrated comparison matrix and local weights for F4 at level 2.

Table 14 .
Integrated comparison matrix and local weights for F5 at level 2.

Table 18 .
Closeness coefficients of the selected alternatives.